New 'PromptSpy' Malware Uses Generative AI
Cybersecurity firm ESET has discovered the first known Android malware to use generative AI in its execution. Dubbed PromptSpy, the threat abuses Google's Gemini AI model to guide malicious UI manipulation, capture lockscreen data, and achieve persistence on infected devices.
- The malware's primary function is to deploy a Virtual Network Computing (VNC) module, which allows attackers to remotely view the infected device's screen and perform actions.
- PromptSpy uses Google's Gemini model to analyze the device's user interface and provide instructions on how to keep the malicious app pinned in the recent apps list, making it more difficult for the user to close it.
- Beyond its use of AI for persistence, the malware can also capture lockscreen PINs, passwords, and patterns; it achieves the latter by recording a video of the screen.
- To prevent its removal, PromptSpy abuses Accessibility Services to create invisible overlays on top of buttons like "Uninstall" or "Force stop," which intercept the user's taps. The only way to remove the malware is to reboot the device into Safe Mode.
- This is the second known instance of AI-powered malware discovered by ESET, following the AI-driven ransomware "PromptLock" found in August 2025.
- Evidence such as language localization suggests the malware was developed in a Chinese-speaking environment and appears to be financially motivated, with a distribution campaign primarily targeting users in Argentina.
- The malware has not been found on the Google Play Store and is instead distributed through dedicated websites. Google Play Protect does, however, automatically protect users from known versions of this threat.
- As of its discovery, PromptSpy had not been widely detected in the wild, leading researchers to believe it may be a proof of concept.
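The overlay trick above depends on the malicious app holding accessibility access. As an added triage example (not ESET's code, and not tied to any PromptSpy indicator), the following parses the Android secure setting `enabled_accessibility_services` (as returned by `adb shell settings get secure enabled_accessibility_services`) and flags services from packages outside an assumed allow-list; the allow-list and sample value are constructed.

```python
# Added example: flag unexpected Android accessibility services, the
# permission class the article reports PromptSpy abusing for its
# tap-intercepting overlays. Input is the raw value of the secure setting
# `enabled_accessibility_services`: a colon-separated list of
# "package/ServiceClass" entries, or "null" when none is enabled.
from __future__ import annotations

# Assumed allow-list of packages expected to hold accessibility access
# (constructed for this example; adjust per device fleet).
TRUSTED_PACKAGES = frozenset({
    "com.google.android.marvin.talkback",
})


def parse_enabled_services(raw: str) -> list[tuple[str, str]]:
    """Split the setting value into (package, fully qualified class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    pairs = []
    for entry in raw.split(":"):
        if not entry:
            continue
        pkg, _, cls = entry.partition("/")
        # A class name starting with '.' is relative to its package.
        if cls.startswith("."):
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs


def flag_untrusted(raw: str, trusted=TRUSTED_PACKAGES) -> list[str]:
    """Return service classes whose package is not on the allow-list.

    Any hit deserves a look: a service with accessibility access can draw
    overlays over system buttons and observe or redirect taps, which is how
    the article says the malware blocks "Uninstall" and "Force stop".
    """
    return [cls for pkg, cls in parse_enabled_services(raw) if pkg not in trusted]


# Constructed sample value, not a real device capture.
SAMPLE = ("com.google.android.marvin.talkback/"
          "com.google.android.marvin.talkback.TalkBackService:"
          "com.example.unknown/.HelperService")

if __name__ == "__main__":
    for svc in flag_untrusted(SAMPLE):
        print("untrusted accessibility service:", svc)
```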